CVE Database

9241+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-67728
9.8 CRITICAL

Fireshare facilitates self-hosted media and link sharing. Versions 1.2.30 and below allow an authenticated user, or unauthenticated user if the Public Uploads setting is enabled, …

Dec 12, 2025
CVE-2025-67727
9.8 CRITICAL

Parse Server is an open source backend that can be deployed to any infrastructure that runs Node.js. In versions prior to 8.6.0-alpha.2, a GitHub CI …

Dec 12, 2025
CVE-2025-14344
9.8 CRITICAL

The Multi Uploader for Gravity Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'plupload_ajax_delete_file' function …

Dec 12, 2025
CVE-2025-12963
9.8 CRITICAL

The LazyTasks – Project & Task Management with Collaboration, Kanban and Gantt Chart plugin for WordPress is vulnerable to privilege escalation via account takeover in …

Dec 12, 2025
CVE-2025-64721
10.0 CRITICAL

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. In versions 1.16.6 and below, the SYSTEM-level service SbieSvc.exe exposes SbieIniServer::RC4Crypt …

Dec 11, 2025
CVE-2024-58309
9.8 CRITICAL

xbtitFM 4.1.18 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries by injecting malicious SQL code through the msgid parameter. …

Dec 11, 2025
CVE-2024-58308
9.8 CRITICAL

Quick.CMS 6.7 contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login authentication by manipulating the login form. Attackers can inject specific SQL …

Dec 11, 2025
CVE-2025-66590
9.8 CRITICAL

In AzeoTech DAQFactory release 20.7 (Build 2555), an Out-of-bounds Write vulnerability can be exploited by an attacker to cause the program to write data past …

Dec 11, 2025
CVE-2025-66589
9.1 CRITICAL

In AzeoTech DAQFactory release 20.7 (Build 2555), an Out-of-bounds Read vulnerability can be exploited by an attacker to cause the program to read data past …

Dec 11, 2025
CVE-2025-66588
9.8 CRITICAL

In AzeoTech DAQFactory release 20.7 (Build 2555), an Access of Uninitialized Pointer vulnerability can be exploited by an attacker which can lead to arbitrary code …

Dec 11, 2025
CVE-2025-36937
9.8 CRITICAL

In AudioDecoder::HandleProduceRequest of audio_decoder.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution …

Dec 11, 2025
CVE-2025-14535
9.8 CRITICAL

A vulnerability was identified in UTT 进取 512W up to 3.1.7.7-171114. Affected is the function strcpy of the file /goform/formConfigFastDirectionW. The manipulation of the argument …

Dec 11, 2025
CVE-2025-14534
9.8 CRITICAL

A vulnerability was determined in UTT 进取 512W up to 3.1.7.7-171114. This impacts the function strcpy of the file /goform/formNatStaticMap of the component Endpoint. Executing …

Dec 11, 2025
CVE-2025-13780
9.1 CRITICAL

pgAdmin versions up to 9.10 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from …

Dec 11, 2025
CVE-2025-66048
9.8 CRITICAL

Several stack-based buffer overflow vulnerabilities exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to …

Dec 11, 2025
CVE-2025-66047
9.8 CRITICAL

Several stack-based buffer overflow vulnerabilities exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to …

Dec 11, 2025
CVE-2025-66046
9.8 CRITICAL

Several stack-based buffer overflow vulnerabilities exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to …

Dec 11, 2025
CVE-2025-66045
9.8 CRITICAL

Several stack-based buffer overflow vulnerabilities exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to …

Dec 11, 2025
CVE-2025-66044
9.8 CRITICAL

Several stack-based buffer overflow vulnerabilities exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to …

Dec 11, 2025
CVE-2025-66043
9.8 CRITICAL

Several stack-based buffer overflow vulnerabilities exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to …

Dec 11, 2025
CVE-2025-65474
9.8 CRITICAL

An arbitrary file rename vulnerability in the /admin/manager.php component of EasyImages 2.0 v2.8.6 and below allows attackers to execute arbitrary code via renaming a PHP …

Dec 11, 2025
CVE-2025-65473
9.1 CRITICAL

An arbitrary file rename vulnerability in the /admin/filer.php component of EasyImages 2.0 v2.8.6 and below allows attackers with Administrator privileges to execute arbitrary code via …

Dec 11, 2025
CVE-2025-14265
9.1 CRITICAL

In versions of ScreenConnect™ prior to 25.8, server-side validation and integrity checks within the extension subsystem could allow the installation and execution of untrusted or …

Dec 11, 2025
CVE-2025-13764
9.8 CRITICAL

The WP CarDealer plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.16. This is due to the 'WP_CarDealer_User::process_register' …

Dec 11, 2025
CVE-2025-67511
9.6 CRITICAL

Cybersecurity AI (CAI) is an open-source framework for building and deploying AI-powered offensive and defensive automation. Versions 0.5.9 and below are vulnerable to Command Injection …

Dec 11, 2025
CVE-2025-67510
9.4 CRITICAL

Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller …

Dec 10, 2025
CVE-2025-65294
9.8 CRITICAL

Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 contain an undocumented remote access mechanism enabling unrestricted remote command …

Dec 10, 2025
CVE-2025-65830
9.1 CRITICAL

Due to a lack of certificate validation, all traffic from the mobile application can be intercepted. As a result, an adversary located "upstream" can decrypt …

Dec 10, 2025
CVE-2025-65827
9.1 CRITICAL

The mobile application is configured to allow clear text traffic to all domains and communicates with an API server over HTTP. As a result, an …

Dec 10, 2025
CVE-2025-65826
9.8 CRITICAL

The mobile application was found to contain stored credentials for the network it was developed on. If an attacker retrieved this, and found the physical …

Dec 10, 2025
CVE-2025-65823
9.8 CRITICAL

The Meatmeet Pro was found to be shipped with hardcoded Wi-Fi credentials in the firmware, for the test network it was developed on. If an …

Dec 10, 2025
CVE-2025-65820
9.8 CRITICAL

An issue was discovered in Meatmeet Android Mobile Application 1.1.2.0. An exported activity can be spawned with the mobile application which opens a hidden page. …

Dec 10, 2025
CVE-2023-53740
9.8 CRITICAL

Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without providing the current credentials. Attackers can exploit …

Dec 10, 2025
CVE-2020-36902
9.8 CRITICAL

UBICOD Medivision Digital Signage 1.5.1 contains an authorization bypass vulnerability that allows normal users to escalate privileges by manipulating the 'ft[grp]' parameter. Attackers can send …

Dec 10, 2025
CVE-2020-36898
9.1 CRITICAL

QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file deletion vulnerability in the QH.aspx endpoint that allows remote attackers to delete files without authentication. …

Dec 10, 2025
CVE-2020-36897
9.8 CRITICAL

QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated remote code execution vulnerability in the QH.aspx file that allows attackers to upload malicious ASPX scripts. …

Dec 10, 2025
CVE-2020-36892
9.8 CRITICAL

Eibiz i-Media Server Digital Signage 3.8.0 contains an unauthenticated privilege escalation vulnerability in the updateUser object that allows attackers to modify user roles. Attackers can …

Dec 10, 2025
CVE-2020-36885
9.8 CRITICAL

Sony IPELA Network Camera 1.82.01 contains a stack buffer overflow vulnerability in the ftpclient.cgi endpoint that allows remote attackers to execute arbitrary code. Attackers can …

Dec 10, 2025
CVE-2025-65602
9.8 CRITICAL

A template injection vulnerability in the /vip/v1/file/save component of ChanCMS v3.3.4 allows attackers to execute arbitrary code via a crafted POST request.

Dec 10, 2025
CVE-2025-64539
9.3 CRITICAL

Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could lead to arbitrary code execution. An attacker …

Dec 10, 2025
CVE-2025-64538
9.3 CRITICAL

Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could lead to arbitrary code execution. An attacker …

Dec 10, 2025
CVE-2025-64537
9.3 CRITICAL

Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could lead to arbitrary code execution. An attacker …

Dec 10, 2025
CVE-2025-13607
9.4 CRITICAL

A malicious actor can access camera configuration information, including account credentials, without authenticating when accessing a vulnerable URL.

Dec 10, 2025
CVE-2025-65792
9.1 CRITICAL

DataGear v5.5.0 is vulnerable to Arbitrary File Deletion.

Dec 10, 2025
CVE-2025-34394
9.8 CRITICAL

Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, exposes a .NET Remoting service that is insufficiently protected against deserialization …

Dec 10, 2025
CVE-2025-34393
9.8 CRITICAL

Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not correctly verify the name of an attacker-controlled WSDL service, …

Dec 10, 2025
CVE-2025-34392
9.8 CRITICAL

Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not verify the URL defined in an attacker-controlled WSDL that …

Dec 10, 2025
CVE-2025-13184
9.8 CRITICAL

Unauthenticated Telnet enablement via cstecgi.cgi (auth bypass) leading to unauthenticated root login with a blank password on factory/reset X5000R V9.1.0u.6369_B20230113 (arbitrary command execution). Earlier versions …

Dec 10, 2025
CVE-2025-41732
9.8 CRITICAL

An unauthenticated remote attacker can abuse unsafe sscanf calls within the check_cookie() function to write arbitrary data into fixed-size stack buffers which leads to full …

Dec 10, 2025
CVE-2025-41730
9.8 CRITICAL

An unauthenticated remote attacker can abuse unsafe sscanf calls within the check_account() function to write arbitrary data into fixed-size stack buffers which leads to full …

Dec 10, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.